Oracle Audit Vault and Database Firewall可监视Oracle和非Oracle数据库流量，从而检测和阻止威胁；并对来自数据库、操作系统、目录等数据源的数据进行整合，从而改进合规性报告。

概述

准确检测和阻止未授权数据库活动，例如，通过监视Oracle和非Oracle数据库流量阻止SQL注入攻击

将数据库、操作系统、目录、文件系统和自定义数据源生成的审计数据和日志整合到安全的集中信息库中

结合监视数据与审计数据提供企业安全智能和有效的合规性报告

利用独特的SQL语法分析引擎和黑名单确保高准确性和性能

通过易于部署的“软件设备”提供横向和纵向可扩展性

优势

第一道防线：透明地检测和阻止SQL注入攻击、特权扩大以及Oracle、Microsoft SQL Server、IBM DB2、SAP Sybase和MySQL数据库面临的威胁

更快地响应：自动检测违背安全策略的未授权数据库活动，使破坏者无处遁形

简化合规性报告：使用现成的合规性报告轻松分析审计数据和事件数据，并及时采取应对措施

Oracle Audit Vault and Database Firewall Standard + Server 12.1.0 | 3.05-3.38 GB

Oracle Audit Vault and Database Firewall provides a first line of defense for databases and consolidates audit data from databases, operating systems, and directories. A highly accurate SQL grammar-based technology monitors and blocks unauthorized SQL traffic before it reaches the database. Information from the network is combined with detailed audit information for easy compliance reporting and alerting. With Oracle Audit Vault and Database Firewall, monitoring controls can be easily tailored to meet enterprise security requirements.

Database Firewall for Activity Monitoring and Blocking

Oracle Database Firewall provides a sophisticated next-generation SQL grammar analysis engine that inspects SQL statements going to the database and determines with high accuracy whether to allow, log, alert, substitute, or block the SQL. Oracle Database Firewall supports white list, black list, and exception list based polices. A white list is simply the set of approved SQL statements that the database firewall expects to see. These can be learned over time or developed in a test environment. A black list includes SQL statements from specific users, IP addresses, or specific types that are not permitted for the database. Exception list-based policies provide additional deployment flexibility to override the white list or black list policies. Policies can be enforced based upon attributes, including SQL category, time of day, application, user, and IP address. This flexibility, combined with highly accurate SQL grammar analysis, enables organizations to minimize false alerts, and only collect data that is important. Database Firewall events are logged to the Audit Vault Server enabling reports to span information observed on the network alongside audit data.

Fine Grained, Customizable Reporting and Alerting

Dozens of out-of-the-box reports provide easy, customized reporting for regulations such as SOX, PCI DSS, and HIPAA. The reports aggregate both the network events and audit data from the monitored systems. Report data can be easily filtered, enabling quick analysis of specific systems or events. Security Managers can define threshold based alert conditions on activities that may indicate attempts to gain unauthorized access and/or abuse system privileges. Fine grained authorizations enable the Security Manager to restrict auditors and other users to information from specific sources, allowing a single repository to be deployed for an entire enterprise spanning multiple organizations.

What's New in Oracle Audit Vault and Database Firewall Release 12.1.2

New Enterprise-Grade Features

iSCSI SAN storage support for audit repository

NFS storage support for audit data archiving

Simplified Audit Vault Agent deployment

Audit Vault Agent automatic update

Policy alerts forwarding to syslog

Audit Vault repository protection by Oracle Database Vault

Extended Platform Support

Database Firewall support for Oracle Database 9i and MySQL 5.6

Windows and Linux 32-bit host OS for Audit Vault Agents

Oracle Linux 6.x OS (with auditd 2.2.2 up to version 6.4) auditing support

Additional Improvements and Enhancements

Oracle Database 12c user entitlement report enhancement

Easier UI for Secured Target registration

Reports improvements on audit data quality and completeness

Single button download of Audit Vault Server diagnostic files